USN-471-1: libexif vulnerability
Posted on: 06/12/2007 01:25 AM

A new libexif vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-471-1 June 11, 2007
libexif vulnerability
CVE-2007-2645
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libexif12 0.6.12-2ubuntu0.1

Ubuntu 6.10:
libexif12 0.6.13-4ubuntu0.1

Ubuntu 7.04:
libexif12 0.6.13-5ubuntu0.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

Victor Stinner discovered that libexif did not correctly validate the
size of some EXIF header fields. By tricking a user into opening an
image with specially crafted EXIF headers, a remote attacker could cause
the application using libexif to crash, resulting in a denial of service.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12=
-2ubuntu0.1.diff.gz
Size/MD5: 3799 404b94c6dc02fded399d2015829b35ee
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12=
-2ubuntu0.1.dsc
Size/MD5: 600 ba2fd679c82d39a8fd22845c3244cf38
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.12=
.orig.tar.gz
Size/MD5: 537829 69501aaf0862a79aaeeb73e81e8c1306

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.1_amd64.deb
Size/MD5: 77634 abcac032c95e9128eb9562fd3e8c9c3c
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.1_amd64.deb
Size/MD5: 61804 4d4bff0d5f7a0fbd55baea101638440a

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.1_i386.deb
Size/MD5: 72878 53d6a23f8515d65645711d1b74630fbf
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.1_i386.deb
Size/MD5: 57686 032f3abaf88451cbb08dbf8f6a74b90f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.1_powerpc.deb
Size/MD5: 78066 0402629c14b6396692a18aceefa17de7
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.1_powerpc.deb
Size/MD5: 60642 800f64893ff9eeb837443c92726c5784

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.12-2ubuntu0.1_sparc.deb
Size/MD5: 75652 8a8ff09cd40054c01305bfaaa738e28c
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
12-2ubuntu0.1_sparc.deb
Size/MD5: 58672 62e3912837cd84c59d87f8b5cef94927

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-4ubuntu0.1.diff.gz
Size/MD5: 4090 7bb28740d6996a32944568fd5752279f
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-4ubuntu0.1.dsc
Size/MD5: 619 5106e84640dc952172c2418b832506d1
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
.orig.tar.gz
Size/MD5: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.1_amd64.deb
Size/MD5: 1005486 27c44f76b5356c2e5252cf74109cc948
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.1_amd64.deb
Size/MD5: 69208 c374d298d31ffcc1e66490c8a625f3a5

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.1_i386.deb
Size/MD5: 995998 ff15d1e752e6b6d10e411546376af0e7
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.1_i386.deb
Size/MD5: 66008 951d7e9445cf0e2167a85031525be878

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.1_powerpc.deb
Size/MD5: 1005170 240c110c041580afc02b588340471c80
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.1_powerpc.deb
Size/MD5: 64638 c4aef67ceac06a7296348efdacad3184

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-4ubuntu0.1_sparc.deb
Size/MD5: 1002480 018082e64ad3d8f90dbea766f6331f4f
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-4ubuntu0.1_sparc.deb
Size/MD5: 64536 c7beaa479951d01dadae0cb42b2fc20c

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-5ubuntu0.1.diff.gz
Size/MD5: 9109 7e344567afce19f3260b9e01d0a5467b
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
-5ubuntu0.1.dsc
Size/MD5: 703 2a77275783bcf3640094d7211030baf3
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif_0.6.13=
.orig.tar.gz
Size/MD5: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.1_amd64.deb
Size/MD5: 1005748 c4a6dee59ed66a7da794a1e3e5e2a115
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.1_amd64.deb
Size/MD5: 70130 c42288b602f05f883b77c96a98b17ff3

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.1_i386.deb
Size/MD5: 996420 7c04dd612e03148d48e6b789e45eae24
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.1_i386.deb
Size/MD5: 67134 2f2a1b6842687460da7b538d25328d4b

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.1_powerpc.deb
Size/MD5: 1005978 f1f145431e46cbf64578f5f5303affad
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.1_powerpc.deb
Size/MD5: 67722 1e7ffec961515ad044eac32f5d22c94f

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif-dev_0.=
6.13-5ubuntu0.1_sparc.deb
Size/MD5: 1002944 3264007332abd428dc4c26e3a67c36cc
http://security.ubuntu.com/ubuntu/pool/main/libe/libexif/libexif12_0.6.=
13-5ubuntu0.1_sparc.deb
Size/MD5: 65436 44b4d989149fc1f88e1acf4e88e16c33


--1PHmS26pdpOR3Xc0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGbcseH/9LqRcGPm0RAvZSAJ9LYdRM2G0MXUQPq1Tk8d6qfXsfuQCfXSE3
TlglSReeHNlRQe65R2xoWhI=
=5NWy
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_471_1_libexif_vulnerability.html)